(54) RANDOM-NUMBER GENERATOR, COMMUNICATION SYSTEM USING THE SAME AND METHOD THEREFOR

(57)Abstract: 

PURPOSE: To generate a safe random number sequence at a high speed.
CONSTITUTION: This generator is provided with a shift register 11 holding data, a
linear conversion circuit 12 inputting the data held in the shift register 11 and
converting an inputted data value based on a prescribed parameter, an update means
updating the data held in the shift register 11 based on the conversion result by the
linear conversion circuit 12, and an output means successively outputting the partial
data held in the shift register 11 as a random number sequence.



CLAIMS 



[Claim(s)] 

[Claim 1] A random number generator having a holding mechanism holding data, a
conversion method which inputs data held at this holding mechanism and changes an
input data value based on a predetermined parameter, an update means which updates
data held at said holding mechanism based on a conversion result by this conversion
method, and an output means which outputs some data held at said holding mechanism
one by one as a random number series, and changing said parameter with a
predetermined cycle.

[Claim 2] A random number generator comprising:
A holding mechanism holding data.

A conversion method which inputs data held at this holding mechanism, and changes an
input data value based on a predetermined parameter.

An update means which updates data held at said holding mechanism based on a
conversion result by this conversion method.

An output means which outputs some data held at said holding mechanism one by one
as a random number series.

A calculating means which computes one by one, as said parameter, a parameter
series for which presuming this series from a power range system sequence is
difficult, and changes the parameter.

[Claim 3] A communications system in which a sending set is equipped with the 1st
holding mechanism holding data, the 1st conversion method that inputs data held at
this 1st holding mechanism and changes an input data value based on a predetermined
parameter, the 1st update means that updates data held at said 1st holding mechanism
based on a conversion result by this 1st conversion method, the 1st output means that
outputs some data held at said 1st holding mechanism one by one as a random number
series, and an encoding means which enciphers correspondence based on a random
number series outputted from this 1st output means; and a receiving set is equipped
with the 2nd holding mechanism that holds data, the 2nd conversion method that inputs
data held at this 2nd holding mechanism and changes an input data value based on a
predetermined parameter, the 2nd update means that updates data held at said 2nd
holding mechanism based on a conversion result by this 2nd conversion method, the
2nd output means that outputs some data held at said 2nd holding mechanism one by
one as a random number series, and a decoding means which decodes a cryptogram
based on a random number series outputted from this 2nd output means.

[Claim 4] A communications system in which a sending set is equipped with the 1st
holding mechanism holding data, the 1st conversion method that inputs data held at
this 1st holding mechanism and changes an input data value based on a predetermined
parameter, the 1st update means that updates data held at said 1st holding mechanism
based on a conversion result by this 1st conversion method, the 1st output means that
outputs some data held at said 1st holding mechanism one by one as a random number
series, the 1st calculating means that computes one by one, as said parameter, a
parameter series for which presuming this series from a power range system sequence
is difficult, and changes the parameter, and an encoding means which enciphers
correspondence based on a random number series outputted from said 1st output
means; and a receiving set is equipped with the 2nd holding mechanism that holds
data, the 2nd conversion method that inputs data held at this 2nd holding mechanism
and changes an input data value based on a predetermined parameter, the 2nd update
means that updates data held at said 2nd holding mechanism based on a conversion
result by this 2nd conversion method, the 2nd output means that outputs some data
held at said 2nd holding mechanism one by one as a random number series, the 2nd
calculating means that computes one by one, as said parameter, a parameter series
for which presuming this series from a power range system sequence is difficult, and
changes the parameter, and a decoding means which decodes a cryptogram based on a
random number series outputted from said 2nd output means.

[Claim 5] A correspondence procedure in which, at the transmitting side, data held at
the 1st attaching part holding data is inputted into the 1st converter, the input data
is changed based on a predetermined parameter, the data held at said 1st attaching
part is updated based on a result of this conversion, some data held at said 1st
attaching part is outputted one by one as a random number series, correspondence is
enciphered based on the random number series thus outputted, and the cryptogram is
transmitted to a receiver; and, at the receiver, data held at the 2nd attaching part
holding data is inputted into the 2nd converter, the input data is changed based on a
predetermined parameter, the data held at said 2nd attaching part is updated based on
a result of this conversion, some data held at said 2nd attaching part is outputted
one by one as a random number series, and the cryptogram is decoded based on the
random number series thus outputted.
[Claim 6] A correspondence procedure in which, at the transmitting side, data held at
the 1st attaching part holding data is inputted into the 1st converter, the input data
is changed based on a predetermined parameter, the data held at said 1st attaching
part is updated based on a result of this conversion, a parameter series for which
presuming this series from a power range system sequence is difficult is computed one
by one as said parameter and the parameter is changed, some data held at said 1st
attaching part is outputted one by one as a random number series, correspondence is
enciphered based on the random number series thus outputted, and the cryptogram is
transmitted to a receiver; and, at the receiver, data held at the 2nd attaching part
holding data is inputted into the 2nd converter, the input data is changed based on a
predetermined parameter, the data held at said 2nd attaching part is updated based on
a result of this conversion, a parameter series for which presuming this series from
a power range system sequence is difficult is computed one by one as said parameter
and the parameter is updated, some data held at said 2nd attaching part is outputted
one by one as a random number series, and the cryptogram is decoded based on the
random number series thus outputted.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Industrial Application] This invention relates to cipher systems, and especially to
secrecy of the data in the encryption communication field, authentication of an
addresser and an addressee, sharing of an encryption key, a zero knowledge proof
protocol, etc. It also relates to simulation using random numbers, such as a Monte
Carlo simulation.



[0002] 

[Description of the Prior Art] Conventionally, as one of the random number generation
methods, the one using the linear feedback shift register (LFSR), which generates a
maximum length periodic sequence (M sequence), is known, as shown on pages 69-72 of
the literature "present age code theory" (Ikeno, Akira Koyama, the Showa 61 issue,
Institute of Electronics, Information and Communication Engineers).
[0003] As indicated in drawing 14, the LFSR method consists of a shift register of s
stages, $R(t) = (r_s(t), r_{s-1}(t), \ldots, r_2(t), r_1(t))$, and a tap sequence
$(h_s, h_{s-1}, \ldots, h_2, h_1)$, and generates a pseudo random number sequence by
performing the following operations simultaneously at each time step.
[0004] (a) Output bit $r_1(t)$ of the rightmost register as a pseudo random number.
[0005] $k_t = r_1(t)$

(b) $r_s(t), r_{s-1}(t), \ldots, r_2(t)$ are shifted to the right.
[0006] $r_i(t+1) = r_{i+1}(t) \quad (i = 1, 2, \ldots, s-1)$

(c) Calculate bit $r_s(t+1)$ of the register of the high order end as follows from the
contents of the register and the tap sequence.

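[0007]

$$r_s(t+1) = \sum_{i=1}^{s} h_i \cdot r_i(t) \bmod 2$$

Summarizing the above, the pseudo random number generation algorithm of the LFSR
method can be expressed, using a matrix H of s rows and s columns, as

$$R(t+1) = H \cdot R(t) \bmod 2 \qquad (1)$$

that is,
[0008]

$$\begin{pmatrix} r_s(t+1)\\ r_{s-1}(t+1)\\ r_{s-2}(t+1)\\ \vdots\\ r_2(t+1)\\ r_1(t+1) \end{pmatrix} = \begin{pmatrix} h_s & h_{s-1} & \cdots & h_3 & h_2 & h_1\\ 1 & 0 & \cdots & 0 & 0 & 0\\ 0 & 1 & \cdots & 0 & 0 & 0\\ \vdots & & \ddots & & & \vdots\\ 0 & 0 & \cdots & 1 & 0 & 0\\ 0 & 0 & \cdots & 0 & 1 & 0 \end{pmatrix} \begin{pmatrix} r_s(t)\\ r_{s-1}(t)\\ r_{s-2}(t)\\ \vdots\\ r_2(t)\\ r_1(t) \end{pmatrix}$$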

[0009] If the tap sequence of this s-stage LFSR is chosen well, a pseudo random bit
series of maximum period $2^s - 1$ can be generated, and the series at that time is
the above-mentioned maximum length periodic sequence.

[0010] However, in the random number generation method using this LFSR, the tap
sequence $(h_s, h_{s-1}, \ldots, h_2, h_1)$ of the s stages can be determined from 2s
bits of the output pseudo random number sequence by the following method, using the
linearity of the LFSR.
[0011] Supposing the pseudo random numbers outputted are $k_1, k_2, \ldots, k_{2s}$,
the contents R(t) of the register at time t (t = 1, 2, ..., s+1) can be expressed as

$$R(1) = (k_s, k_{s-1}, \ldots, k_1)^T$$
$$R(2) = (k_{s+1}, k_s, \ldots, k_2)^T$$
$$\vdots$$
$$R(s+1) = (k_{2s}, k_{2s-1}, \ldots, k_{s+1})^T$$

(T shows transposition). If the matrices X and Y are then set to

$$X = (R(1), R(2), \ldots, R(s))$$
$$Y = (R(2), R(3), \ldots, R(s+1))$$

the relation $Y = H \cdot X$ holds from formula (1), so

$$H = Y \cdot X^{-1} \qquad (2)$$

In this way H is obtained and the tap sequence is determined.
[0012] That is, although the period of the random number sequence is $2^s - 1$, the
composition of the LFSR is determined by 2s bits of it. In this case, since all the
random number sequences generated from that time on become known, there was a fault
that using the output random number sequence as random numbers for ciphers was
unsuitable in respect of safety.

[0013] If a nonlinear feedback shift register is used, it is known that the number of
the random numbers which are needed for the analysis of an output random number
series can be enlarged. However, by the Berlekamp-Massey algorithm (E. R. Berlekamp,
"Algebraic coding theory", McGraw-Hill Book Company, 1968) the LFSR of the minimum
number of stages which can generate the series could be calculated, and the random
number generation method using a nonlinear feedback shift register could also be
analyzed by the method of formula (2).
[0014] As mentioned above, a random number generation method in which, once the
output random numbers of a certain time have been obtained, all the random number
sequences outputted after it can easily be predicted will be called the method A for
convenience. Although the method A is not safe in cryptography as mentioned above,
since its composition is simple it has the feature that high speed processing is
possible.
[0015] Unlike the method A, a random number generation method with which it becomes
very difficult to predict the random numbers to be generated from that time on only
from the random number sequence generated up to a certain point in time is shown
below, and it will be called the method B for convenience.
[0016] As a realization of the method B, the method shown in the literature "Advances
in Cryptology" (the 1983 issue, PLENUM PRESS, pages 61-78) is known. That is, if the
random number sequence is $b_1, b_2, \ldots$, bit $b_i$ is given, with $x_0$ an
arbitrarily given initial value and p and q prime numbers, by

$$x_{i+1} = x_i^2 \bmod n \quad (i = 0, 1, 2, \ldots) \qquad (3)$$
$$b_i = \mathrm{lsb}(x_i) \quad (i = 0, 1, 2, \ldots)$$

(however, $n = p \cdot q$ and lsb expresses the least significant bit).

[0017] It is known that obtaining $b_{i+1}$ only from the random number sequence
$b_1, b_2, \ldots, b_i$ generated by this method requires the same time and effort as
factoring n. That is, it is known that the computational complexity of obtaining the
random numbers to be generated from that time on only from the random number sequence
generated up to a certain point in time is equivalent to the computational complexity
required to factor n. However, in order to make it computationally difficult to
factor n, p and q need to be about hundreds of bits. Random numbers generated by a
method for which it is computationally difficult to predict the random numbers to be
generated from that time on only from the random number sequence generated up to a
certain point in time are called pseudorandom numbers safe in cryptography.

[0018] However, when a pseudorandom number generating system safe in cryptography is
used as the random number generation method, p and q need to be about hundreds of
bits as mentioned above, and there was a problem that the computational complexity of
calculating $x_{i+1} = x_i^2 \bmod n$ of formula (3) was then large, and random
numbers could not be generated at high speed.
[0019] 

[Means for Solving the Problem] In order to solve the aforementioned problem, a
random number generator of this invention is provided with the following.
A holding mechanism holding data.

A conversion method which inputs data held at this holding mechanism, and changes an
input data value based on a predetermined parameter.

An update means which updates data held at said holding mechanism based on a
conversion result by this conversion method.

An output means which outputs some data held at said holding mechanism one by one
as a random number series.

[0020] According to another mode of this invention, a random number generator has a
holding mechanism which holds data, a conversion method which inputs data held at
this holding mechanism and changes an input data value based on a predetermined
parameter, an update means which updates data held at said holding mechanism based on
a conversion result by this conversion method, an output means which outputs some
data held at said holding mechanism one by one as a random number series, and a
calculating means which computes one by one, as said parameter, a parameter series
for which presuming this series from a power range system sequence is difficult, and
changes the parameter.
[0021] According to another mode of this invention, a sending set is equipped with
the 1st holding mechanism that holds data, the 1st conversion method that inputs data
held at this 1st holding mechanism and changes an input data value based on a
predetermined parameter, the 1st update means that updates data held at said 1st
holding mechanism based on a conversion result by this 1st conversion method, the 1st
output means that outputs some data held at said 1st holding mechanism one by one as
a random number series, and an encoding means which enciphers correspondence based on
a random number series outputted from this 1st output means; and a receiving set is
equipped with the 2nd holding mechanism that holds data, the 2nd conversion method
that inputs data held at this 2nd holding mechanism and changes an input data value
based on a predetermined parameter, the 2nd update means that updates data held at
said 2nd holding mechanism based on a conversion result by this 2nd conversion
method, the 2nd output means that outputs some data held at said 2nd holding
mechanism one by one as a random number series, and a decoding means which decodes a
cryptogram based on a random number series outputted from this 2nd output means.

[0022] According to another mode of this invention, a sending set is equipped with
the 1st holding mechanism that holds data, the 1st conversion method that inputs data
held at this 1st holding mechanism and changes an input data value based on a
predetermined parameter, the 1st update means that updates data held at said 1st
holding mechanism based on a conversion result by this 1st conversion method, the 1st
output means that outputs some data held at said 1st holding mechanism one by one as
a random number series, the 1st calculating means that computes one by one, as said
parameter, a parameter series for which presuming this series from a power range
system sequence is difficult, and changes the parameter, and an encoding means which
enciphers correspondence based on a random number series outputted from said 1st
output means; and a receiving set is equipped with the 2nd holding mechanism that
holds data, the 2nd conversion method that inputs data held at this 2nd holding
mechanism and changes an input data value based on a predetermined parameter, the 2nd
update means that updates data held at said 2nd holding mechanism based on a
conversion result by this 2nd conversion method, the 2nd output means that outputs
some data held at said 2nd holding mechanism one by one as a random number series,
the 2nd calculating means that computes one by one, as said parameter, a parameter
series for which presuming this series from a power range system sequence is
difficult, and changes the parameter, and a decoding means which decodes a cryptogram
based on a random number series outputted from said 2nd output means.
[0023] 

[Function] In the random number generator of this invention, the data held at the
holding mechanism is inputted, the input data value is changed by the conversion
method based on a predetermined parameter, and the update means updates the data held
at said holding mechanism based on the conversion result by this conversion method.
The output means outputs some data held at said holding mechanism one by one as a
random number series.

[0024] The calculating means computes one by one, as said parameter, a parameter
series for which presuming this series from a power range system sequence is
difficult, and the parameter is changed.

[0025] At the transmitting side, the data held at the 1st attaching part holding data
is inputted into the 1st converter, the input data is changed based on a
predetermined parameter, the data held at said 1st attaching part is updated based on
the result of this conversion, some data held at said 1st attaching part is outputted
one by one as a random number series, correspondence is enciphered based on the
random number series thus outputted, and the cryptogram is transmitted to a receiver.
At the receiver, the data held at the 2nd attaching part holding data is inputted
into the 2nd converter, the input data is changed based on a predetermined parameter,
the data held at said 2nd attaching part is updated based on the result of this
conversion, some data held at said 2nd attaching part is outputted one by one as a
random number series, and the cryptogram is decoded based on the random number series
thus outputted.
[0026] 
[Example] 



(Example 1) Drawing 1 is a figure showing the block configuration of the random
number generator using an LFSR. It consists of the shift register 11 and the linear
transform circuit 12, which carries out a linear transform of the values from the
registers of the shift register 11 and feeds the result back to the shift register 11.

[0027] The procedure of random number generation in this example is as follows
(however, procedures 3, 4 and 5 are performed simultaneously).

[0028] 1. Set an initial value in each register of the shift register 11.

[0029] 2. The linear transform circuit 12 decides on a linear transform according to
the parameter given from the outside.

[0030] 3. Each register shifts its given value to the right.

[0031] 4. Output the value of the rightmost register as a random number.

[0032] 5. Carry out feedback transformation of the value of each register according
to the linear transform decided on in 2, and make the result the value of the
register of the high order end.

[0033] 6. Thereafter 3, 4 and 5 are repeated; however, so that the output random
number sequence cannot be analyzed by formula (2), the parameter inputted into the
linear transform circuit 12 is changed, and the linear transform method thereby
changed, before the number of random numbers outputted becomes larger than the number
of random numbers needed for the analysis of the random number sequence (in the
present case, twice the number of stages of the shift register).

[0034] In this procedure, all or a part of the output of the linear transform circuit
serves as all the values outputted by procedure 4, or a random number generated by
this invention in part. The random number generator in the case of using AND circuits
for the linear transform circuit is shown in drawing 2. In drawing 2, an initial
value is first set in the shift register. Since the values of the registers connected
to the AND circuits represent the values $h_n, h_{n-1}, \ldots, h_2, h_1$ of the
above-mentioned tap sequence, changing the values of these registers changes the
linear transform method. If the values of the registers are changed by a change of
the parameter before the number of output random numbers exceeds twice the number of
stages of the shift register, formula (2) cannot be solved and the random number
sequence cannot be analyzed.
[0035]The parameter inputted into a linear transform circuit after the number of the 
random numbers outputted becomes larger [ the linearity complexity determined by 
the random number sequence ] than twice in procedure 6. is changedEven when a 
linear transform method is changedonly in the case of the linear transform methodit is 
analyzed by the formula (2)and since it can prevent analyzing all the random number 
series after it like a conventional exampleit is safe after changing a linear transform 
method with a parameter. 
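The effect of step 6 and of [0035] can be checked with the Berlekamp-Massey algorithm, used here as a stand-in for the analysis by formula (2), which this part of the text does not reproduce. The following Python is an added example, not the patent's own: the 8-stage register, the two tap settings, the seed and the change intervals are constructed, and the output is taken from the linear transform circuit, one of the options in [0034].

```python
# Added illustration (not from the patent): Berlekamp-Massey analysis of an
# 8-stage feedback shift register with fixed taps versus taps that are replaced
# before 2n outputs exist under any one setting. All constants are constructed.

N = 8                                # stages of the shift register
TAPS_A = [0, 1, 1, 1, 0, 0, 0, 1]    # h_1..h_8 for 1 + x^2 + x^3 + x^4 + x^8
TAPS_B = [1, 0, 1, 1, 0, 0, 0, 1]    # h_1..h_8 for 1 + x + x^3 + x^4 + x^8
SEED = [1, 0, 0, 0, 0, 0, 0, 0]      # initial register values, high-order end first


def generate(seed, tap_schedule, interval, count):
    """Run the register; the taps move to the next schedule entry every
    `interval` outputs. The output is the linear transform (feedback) bit."""
    state, out = list(seed), []
    for t in range(count):
        taps = tap_schedule[(t // interval) % len(tap_schedule)]
        fb = 0
        for h, r in zip(taps, state):    # AND gates of drawing 2, then XOR
            fb ^= h & r
        out.append(fb)
        state = [fb] + state[:-1]        # shift right, feedback enters at the left
    return out


def berlekamp_massey(bits):
    """Shortest LFSR (length L, taps c_1..c_L) that reproduces `bits` over GF(2)."""
    n = len(bits)
    c = [1] + [0] * n                    # current connection polynomial
    b = [1] + [0] * n                    # polynomial before the last length change
    length, m = 0, -1
    for i in range(n):
        d = bits[i]                      # discrepancy between model and observed bit
        for j in range(1, length + 1):
            d ^= c[j] & bits[i - j]
        if d:
            prev, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * length <= i:
                length, m, b = i + 1 - length, i, prev
    return length, c[1:length + 1]


def predict(history, taps, count):
    """Extend `history` by `count` bits using the recovered recurrence."""
    seq = list(history)
    for _ in range(count):
        nxt = 0
        for i, c in enumerate(taps, start=1):
            nxt ^= c & seq[-i]
        seq.append(nxt)
    return seq[len(history):]


def analyse(stream):
    """Model the first 2n outputs, then count how many later outputs the model
    predicts correctly before its first miss."""
    window, future = stream[:2 * N], stream[2 * N:]
    length, taps = berlekamp_massey(window)
    hits = 0
    for guess, actual in zip(predict(window, taps, len(future)), future):
        if guess != actual:
            break
        hits += 1
    return length, taps, hits


if __name__ == "__main__":
    cases = {
        "fixed taps": generate(SEED, [TAPS_A], 1, 80),
        "taps changed after 40 outputs": generate(SEED, [TAPS_A, TAPS_B], 40, 80),
        "taps changed every 12 outputs": generate(SEED, [TAPS_A, TAPS_B], 12, 80),
    }
    for name, stream in cases.items():
        length, taps, hits = analyse(stream)
        print(f"{name}: L={length} taps={taps} predicted {hits}/64 later bits")
```

With fixed taps the first 16 outputs yield TAPS_A and every later bit; with a change every 12 outputs the recovered model matches neither tap setting.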

[0036] (Example 2) In a random number generator using an LFSR, the number of random
numbers required to analyze the output random number sequence is twice the number of
stages of the LFSR. When a nonlinear feedback shift register is used, the number of
random numbers required for analysis can be made larger than in the LFSR case.
Therefore, since the number of bits required to analyze the output random number
sequence by formula (2) increases, there is the advantage that the interval at which
the parameter that changes the nonlinear transformation method is changed can be
lengthened. An example using a nonlinear feedback shift register is shown in drawing 3.

[0037] Drawing 3 is a block diagram showing the random number sequence generator of
this invention when a nonlinear feedback shift register is used. It consists of the
shift register 11 and the nonlinear transformation circuit 31, which applies a
nonlinear transformation to the values from each register of the shift register 11
and feeds the result back to the shift register 11.

[0038] Random number generation in this example follows the procedure below (steps 3,
4 and 5 are performed simultaneously).

[0039] 1. Set an initial value in each register of the shift register 11.

[0040] 2. The nonlinear transformation circuit 31 selects a nonlinear transformation
according to the parameter given from the outside.

[0041] 3. Each register shifts its value to the right.

[0042] 4. Output the value of the rightmost register as a random number.

[0043] 5. Transform the values of the registers according to the nonlinear
transformation selected in step 2 and feed the result back as the value of the
register at the high-order end.

[0044] 6. Steps 3, 4 and 5 are then repeated. So that the output random number
sequence cannot be analyzed by formula (2), change the parameter input to the
nonlinear transformation circuit, and with it the nonlinear transformation method,
before the number of random numbers output exceeds the number needed to analyze the
random number sequence.

[0045] In this procedure, all or part of the values output in step 4, or of the output
of the nonlinear transformation circuit 31, serves as the random numbers generated by
this example. Concretely, the nonlinear transformation circuit 31 can be realized by a
ROM or the like that stores the correspondence between the inputs and outputs of a
publicly known nonlinear function.

[0046] (Example 3) Examples 1 and 2 described cases using linear and nonlinear
feedback shift registers in order to explain this invention plainly. The essence of
those examples, however, is this: in a random number generation method that generates
random numbers continuously by applying a defined conversion to a given initial value
and feeding the result back, the conversion method is controlled by a parameter given
from the outside, and in particular the parameter that controls the conversion method
is changed, and with it the conversion method, before as many random numbers have been
output as are required to determine the conversion method. Needless to say, it is
clear from this that not only linear and nonlinear feedback shift registers but
various other methods can be used as the random number generation method.

[0047] Although the case described is one in which the conversion method of the
feedback transformation is controlled by a parameter given from the outside, it can
also be controlled by a parameter that combines the parameter given from the outside
with a parameter generated internally.

[0048] (Example 4) Drawing 4 shows a case in which a shift register is not used in
the procedure for generating random numbers.

[0049] This example consists of n registers R_1 to R_n, each operating on the same
clock, and m (non)linear transform circuits S_1 to S_m, each of which applies a
(non)linear transform to the output of a register and the feedback output from the
last register (R_n) and outputs the result to the next register.

[0050] Random number generation in this example follows the procedure below (steps 3,
4 and 5 are performed simultaneously).

[0051] 1. Set an initial value in each register.

[0052] 2. Each of the (non)linear transform circuits S_1 to S_m selects a (non)linear
transform according to the parameter given from the outside.

[0053] 3. Output the value of the rightmost register (R_n) as a random number, and
use it as the value of the register (R_1) at the high-order end.

[0054] 4. Each register outputs the value it currently holds in step 3 and at the same
time holds the value at its input.

[0055] 5. Each (non)linear transform circuit transforms the value output from the
preceding register and the feedback output from R_n by the (non)linear transform
selected in step 2, and outputs the result to the next register.

[0056] 6. Steps 3, 4 and 5 are then repeated. So that the output random number
sequence cannot be analyzed by formula (2), change the parameter input to the
(non)linear transform circuits, and with it the (non)linear transform method, before
the number of random numbers output exceeds the number needed to analyze the random
number sequence.

[0057] In this procedure, all or part of the output of R_n serves as the random
numbers generated by this example.

[0058] In the above procedure, each (non)linear transform circuit can be built from
the above-mentioned ROM or the like, and each (non)linear transform circuit may
perform a different (non)linear transform.

[0059] (Example 5) Drawing 5 shows an example in which a DES (Data Encryption
Standard) encryption circuit is used for the pseudo random number generator. A
powerful cryptanalytic method called differential cryptanalysis has recently been
proposed, raising questions about the safety of the DES cipher, and changing the key
frequently is conceivable as a countermeasure. When a DES encryption circuit is used,
changing the key of the DES cipher changes the conversion method.

[0060] (Example 6) The following examples have a parameter calculation circuit that
uses method B to compute the parameter given to the random number generator using the
above-mentioned method A. By controlling the conversion method of the random number
generator with the parameter output from this parameter calculation circuit, a random
number sequence can be generated that achieves both the speed that is the advantage of
method A and the safety that is the advantage of method B, as follows.

[0061] Before the number of random numbers output by the random number generator
using method A exceeds the number of random numbers required to analyze the random
number sequence, or around the point at which the two become equal, the value of the
tap sequence is changed and with it the conversion method of the random number
generation means. This prevents the output random number sequence from being analyzed
by the method of formula (2) and improves the safety of the output random number
sequence. To this end, the value of the tap sequence is used as the parameter and is
controlled by method B.

[0062] In this case, the parameter need only be calculated by method B by the time the
number of random numbers output by the random number generator using method A exceeds
the number needed to analyze that random number sequence. Even if method B cannot be
calculated at high speed, random numbers can therefore be generated at high speed
overall.

[0063] Even if the value of the tap sequence is changed only after enough random
numbers have been output for analysis by the method of formula (2), the analysis is
possible only for the period in which that value of the tap sequence was in use.
Moreover, since the value of the tap sequence is controlled by method B, it is
difficult to predict the next value of the tap sequence. The analysis of all the
random number sequences that follow, which was possible before, is prevented, so the
output is safe once the value of the tap sequence has been changed.

[0064] (Example 7) In a random number generator using an LFSR, the number of random
numbers required to analyze the output random number sequence is twice the number of
stages of the LFSR. When a nonlinear feedback shift register is used, the number of
random numbers required for analysis can be made larger than in the LFSR case.
Therefore, since the number of bits required to analyze the output random number
sequence by formula (2) increases, there is the advantage that the cycle at which the
parameter for changing the nonlinear transformation method is calculated can be
lengthened. Being able to lengthen the calculation cycle is a particularly large
advantage when method B, which is difficult to process at high speed, is used for the
parameter calculation section.

[0065] An example using a nonlinear feedback shift register is shown in drawing 8.
Drawing 8 is a block diagram showing the random number sequence generator of this
invention when a nonlinear feedback shift register is used. As the random number
generation means based on method A it uses a shift register and the nonlinear
transformation circuit 21, which applies a nonlinear transformation to the values from
each register of the shift register and feeds the result back to the shift register,
together with the parameter calculation circuit 61 based on method B. The nonlinear
transformation method is controlled by the output from the parameter calculation
circuit 61.

[0066] Random number generation in this example follows the procedure below (steps 4,
5 and 6 are performed simultaneously).

[0067] 1. Set an initial value in each register of the shift register and in the
parameter calculation circuit.

[0068] 2. The parameter calculation circuit computes the first parameter from the
given initial value and outputs it to the nonlinear transformation circuit 21.

[0069] 3. The nonlinear transformation circuit 21 selects a nonlinear transformation
according to the parameter given in step 2.

[0070] 4. Each register shifts its value to the right.

[0071] 5. Output the value of the rightmost register as a random number.

[0072] 6. Transform the values of the registers according to the nonlinear
transformation selected in step 3 and feed the result back as the value of the
register at the high-order end.

[0073] 7. Steps 4, 5 and 6 are then repeated. So that the output random number
sequence cannot be analyzed by formula (2), before the number of random numbers output
exceeds the number needed to analyze the random number sequence, the parameter
calculation circuit computes the next parameter, outputs it to the nonlinear
transformation circuit 21, and changes the nonlinear transformation method.

[0074] In this procedure, all or part of the values output in step 5, or of the output
of the nonlinear transformation circuit, serves as the random numbers generated by
this invention. Concretely, the nonlinear transformation circuit 21 can be realized by
a ROM or the like that stores the correspondence between the inputs and outputs of a
publicly known nonlinear function.

[0075] (Example 8) Examples 6 and 7 described cases using linear and nonlinear
feedback shift registers as the random number generation means in order to explain
this invention plainly. The essence of this invention, however, lies in controlling
the conversion method of the random number generation means using method A by the
parameter output from the parameter calculating means using method B, and in
particular in changing that conversion method with the output from the parameter
calculating means before as many random numbers have been output as are required to
determine the conversion method of the random number generation means. Needless to
say, it is clear from this that not only linear and nonlinear feedback shift registers
but various other methods can be used as the random number generation means.

[0076] As cryptographically secure pseudo-random number generation methods that can be
used as method B, methods using the RSA cipher, discrete logarithms, and the
reciprocal cipher are known besides formula (3), as shown in the literature "code and
information security" (Tsujii, Akira Kasahara, the 1990 issue, ****Inc. Co., 86
pages). These can also be used as the algorithm of the parameter calculating means of
this invention.

[0077] The parameter generating means based on method B can also be constituted by
combining a cryptographically secure pseudo-random number generation method with the
method of using, in the feedback as in drawing 2, a ROM whose contents are kept
secret.

[0078] Even with only the method of using in the feedback a ROM whose contents are
kept secret, the remaining values inside the ROM cannot be learned from the values the
ROM has generated up to that point, so the parameter generating means based on method
B can be constituted.

[0079] Although the case described is one in which the conversion method of the random
number generation means is controlled only by the parameter generated by the parameter
calculation circuit, it can also be controlled by a parameter that combines a
parameter inside the random number generation means with the parameter computed by the
parameter calculation circuit.

[0080] (Example 9) Drawing 9 shows a case in which a shift register is not used in
the procedure for generating random numbers.

[0081] In this example, the random number generation means based on method A consists
of s registers R_1 to R_s, each operating on the same clock, and m (non)linear
transform circuits T_1 to T_m, each of which applies a (non)linear transform to the
output of a register and the feedback output from the last register (R_s) and outputs
the result to the next register. It is used together with the parameter calculation
circuit 61 based on method B, and each (non)linear transform method is controlled by
the output from the parameter calculation circuit 61.

[0082] Random number generation in this example follows the procedure below (steps 4,
5 and 6 are performed simultaneously).

[0083] 1. Set an initial value in each register and in the parameter calculation
circuit 61.

[0084] 2. The parameter calculation circuit 61 computes the first parameter from the
given initial value and outputs it to each (non)linear transform circuit.

[0085] 3. Each of the (non)linear transform circuits T_1 to T_m selects its
(non)linear transform according to the parameter given in step 2.

[0086] 4. Output the value of the rightmost register (R_s) as a random number, and
use it as the value of the register (R_1) at the high-order end.

[0087] 5. Each register outputs the value it currently holds in step 4 and at the same
time holds the value at its input.

[0088] 6. Each (non)linear transform circuit transforms the value output from the
preceding register and the feedback output from R_s by the (non)linear transform
selected in step 3, and outputs the result to the next register.

[0089] 7. Steps 4, 5 and 6 are then repeated. So that the output random number
sequence cannot be analyzed by formula (2), before the number of random numbers output
exceeds the number needed to analyze the random number sequence, the parameter
calculation circuit computes the next parameter, outputs it to each (non)linear
transform circuit, and changes each (non)linear transform method.

[0090] In this procedure, all or part of the output of R_s serves as the random
numbers generated by this invention.

[0091] In the above procedure, each (non)linear transform circuit can be built from
the above-mentioned ROM or the like, and each (non)linear transform circuit may
perform a different (non)linear transform.

[0092] (Example 10) Drawing 10 shows an example in which the DES (Data Encryption
Standard) encryption circuit 51 is used for the random number generation means of this
invention. A powerful cryptanalytic method called differential cryptanalysis has
recently been proposed, raising questions about the safety of the DES cipher, and
changing the key frequently is conceivable as a countermeasure. When the DES
encryption device 51 is used, changing the key of the DES cipher changes the
conversion method.

[0093] (Example 11) Since the random numbers generated by the above-mentioned random
number generator are strong against analysis, as stated so far, encrypted
communication that is strong against analysis and highly safe can be realized by using
these random numbers in a cipher system. Below, an example of encrypted communication
using the random number generator is shown for an encryption communication network
using a cipher system (stream cipher) that takes the bitwise exclusive OR of the
message and the random numbers.

[0094] Drawing 11 shows a common-key cryptosystem communication network in which a
unique, secret encryption key is shared between network members. A, B, C, ..., N are
the members of the network, and K_AB, K_AC, ... denote the encryption key shared
between members A and B, the encryption key shared between members A and C, and so on.

[0095] Drawing 12 is a block diagram showing the composition of the communication
apparatus 122, which contains an encryption device and a decryption device using the
random number generator 121 consisting of the random number generation circuit and the
parameter calculation circuit of this invention.

[0096] Drawing 13 shows secret communication between A and B in the cipher
communication system shown in drawings 11 and 12.

[0097] Encrypted communication from member A to member B is performed by the
following procedure.

[0098] 1. The sender A sets all or part of the secret key K_AB shared with the
destination B as the initial values of the random number generation circuit and the
parameter calculation circuit, and generates the random number sequence k_i.

[0099] 2. A takes the bitwise exclusive OR of the generated random number sequence k_i
and the message m_i, computes the cryptogram
[0100]
[External Character 3]

and transmits the cryptogram to B.

[0101] 3. The recipient B sets all or part of the secret key K_AB shared with the
sender A as the initial values of the random number generation circuit and the
parameter calculation circuit, and generates the same random number sequence k_i as
the sender generated.

[0102] 4. B takes the bitwise exclusive OR of the generated random number sequence k_i
and the received cryptogram c_i, and restores the message
[0103]
[External Character 4]

[0104] If this procedure is followed, the legitimate destination B, knowing the secret
key K_AB, can decrypt the received cryptogram into the original message, while the
other members (C to N) do not know the secret key used to produce the cryptogram and
so cannot learn its contents. Secret communication is thereby realized. Also in a
network in which the encryption keys are not distributed beforehand as in drawing 11
and the sender and recipient need to share an encryption key before performing
encrypted communication, encrypted communication can be realized by the same procedure
if the key is shared by a publicly known technique.
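The arrangement of Example 6 (method B computing the tap parameter for method A) used as the random number sequence k_i of the procedure above, as an added Python example that is not the patent's own circuit. Assumptions: repeated squaring modulo a toy-sized modulus stands in for method B, since formula (3) is not reproduced in this part of the text, and the register width, change interval, key and message are constructed values.

```python
# Added illustration (not from the patent): method A is a 16-stage LFSR whose
# tap sequence is replaced by a method-B parameter calculator before 2n outputs
# accumulate; the output bits are XORed with the message as in Example 11.

N_STAGES = 16                        # stages of the method-A shift register
REKEY_EVERY = 2 * N_STAGES - 1       # outputs allowed per tap setting (< 2n)
MODULUS = 499 * 547                  # toy modulus for the stand-in method B


class ParameterCalc:
    """Stand-in for the parameter calculation circuit (assumption): repeated
    squaring modulo MODULUS, one low-order bit kept per squaring."""

    def __init__(self, seed):
        self.x = 2 + seed % (MODULUS - 2)

    def next_taps(self):
        taps = 0
        for _ in range(N_STAGES):
            self.x = self.x * self.x % MODULUS
            taps = (taps << 1) | (self.x & 1)
        return taps | 1              # keep h_n = 1 so the register never reaches all zero


def keystream(key, nbits):
    """Random number sequence k_i; both initial values come from the shared key."""
    state = (key & ((1 << N_STAGES) - 1)) or 1   # register initial value, never zero
    calc = ParameterCalc(key >> N_STAGES)        # remaining key bits seed method B
    taps, out = 0, []
    for t in range(nbits):
        if t % REKEY_EVERY == 0:                 # new parameter before 2n outputs
            taps = calc.next_taps()
        fb = bin(state & taps).count("1") & 1    # parity of the tapped registers
        out.append(fb)
        state = (state >> 1) | (fb << (N_STAGES - 1))
    return out


def xor_cipher(key, data):
    """Bitwise XOR of data with k_i; the same call encrypts and decrypts."""
    bits = keystream(key, 8 * len(data))
    result = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for bit in bits[8 * i:8 * i + 8]:
            k = (k << 1) | bit
        result.append(byte ^ k)
    return bytes(result)


K_AB = 0x5A17C3D2E9                  # constructed shared key of members A and B
MESSAGE = b"constructed sample message"

if __name__ == "__main__":
    cryptogram = xor_cipher(K_AB, MESSAGE)       # steps 1 and 2, sender A
    print(cryptogram.hex())
    print(xor_cipher(K_AB, cryptogram))          # steps 3 and 4, recipient B
```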

[0105] (Example 12) In the encryption communication network shown in Example 11, a
unique, secret key is shared between the sender and the recipient of a message.
Receiving a cryptogram and being able to decrypt it into a meaningful message
therefore guarantees to the recipient that the message was sent by the other holder
of the key. Therefore, in the secret communication system shown in Example 11, the
sender and the recipient of a communication can also be authenticated.

[0106] (Example 13) For a network in which the encryption keys are not distributed
beforehand as in Examples 11 and 12, and the sender and recipient need to share an
encryption key before performing encrypted communication, the method of Diffie-Hellman
(W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE IT, vol. IT-22,
No. 6, 1976) is well known as a method by which an encryption key can be shared safely
even over a channel that may be tapped. The random numbers generated by this invention
can be used as the random numbers used in that method.

[0107] In that case, the random numbers used by the sender and the recipient need not
be the same, so any value may be used as the initial values set in the random number
generation means and the parameter generating means.
[0108]

[Effect of the Invention] As explained above, according to this invention, the
parameter of a method (method A) that can be analyzed from a fixed number of values of
its output sequence is changed before the number of random numbers output exceeds the
number required for the analysis, or around the point at which the two become equal.

This makes it difficult to collect the number of outputs required for the analysis of
method A, and has the effect of improving the safety of the generated random numbers.

[0109] Changing the parameter of method A on the basis of random numbers output by a
method (method B) that is difficult to analyze from its output sequence has the effect
of further improving the safety of method A.

[0110] In this case, the random numbers of method B need only be output by the time
the number of outputs from method A exceeds the number needed for the analysis of
method A, so the random number generation of method B need not be performed at high
speed. However, since the final output is the output from method A, random numbers can
be generated at high speed.

[0111] Using this random number sequence for encrypted communication has the effect of
realizing encrypted communication that is both fast and safe.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a figure showing the block configuration of the random number
generator using LFSR.

[Drawing 2] It is a figure showing the detailed block configuration of the random
number generator using LFSR.

[Drawing 3] It is a figure showing the block configuration of the random number
generator using a nonlinear feedback register.

[Drawing 4] It is a figure showing the block configuration of the random number
generator using two or more registers.

[Drawing 5] It is a figure showing the block configuration of the random number
generator using a DES encryption device.

[Drawing 6] It is a figure showing the block configuration of the random number
generator using LFSR.

[Drawing 7] It is a figure showing the block configuration of the random number
generator using LFSR.

[Drawing 8] It is a figure showing the block configuration of the random number
generator using a nonlinear feedback register.

[Drawing 9] It is a figure showing the block configuration of the random number
generator using two or more registers.

[Drawing 10] It is a figure showing the block configuration of the random number
generator using a DES encryption device.

[Drawing 11] It is a figure explaining a common-key cryptosystem communication
network.

[Drawing 12] It is a block diagram showing the composition of the communication
apparatus containing an encryption device and a decryption device.

[Drawing 13] It is a figure explaining the communications system which performs
secret communication.

[Drawing 14] It is a figure showing the block configuration of the conventional random
number generator using LFSR.